Acct Mgmt, Billing, Support

Question 1

AWS Organizations

Answer 1

• Global service
• Allows to manage multiple AWS accounts
• The main account is the master account
• Cost Benefits:
• Consolidated Billing across all accounts - single payment method
• Pricing benefits from aggregated usage (volume discount for EC2, S3…)
• Pooling of Reserved EC2 instances for optimal savings
• API is available to automate AWS account creation
• Restrict account privileges using Service Control Policies (SCP)

Question 2

Multi Account Strategies

Answer 2

• Create accounts per department, per cost center, per dev / test /
  prod, based on regulatory restrictions (using SCP), for better
  resource isolation (ex: VPC), to have separate per-account
  service limits, isolated account for logging
• Multi Account vs One Account Multi VPC
• Use tagging standards for billing purposes
• Enable CloudTrail on all accounts, send logs to central S3 account
• Send CloudWatch Logs to central logging account

Question 3

SCP

Answer 3

Service Control Policies

Whitelist or blacklist IAM actions
* Applied at the OU or Account level
* Does not apply to the Master Account
* SCP is applied to all the Users and Roles of the Account, including Root user
* The SCP does not affect service-linked roles
* Service-linked roles enable other AWS services to integrate with AWS Organizations
and can’t be restricted by SCPs.
* SCP must have an explicit Allow (does not allow anything by default)
* Use cases:
* Restrict access to certain services (for example: can’t use EMR)
* Enforce PCI compliance by explicitly disabling services

Question 4

AWS Organization – Consolidated Billing

Answer 4

• When enabled, provides you with:
• Combined Usage – combine the usage across all AWS accounts in the AWS Organization to
  share the volume pricing, Reserved Instances and Savings Plans discounts
• One Bill – get one bill for all AWS Accounts in the AWS Organization
• The management account can turn off Reserved Instances discount sharing for any
  account in the AWS Organization, including itself

Question 5

AWS Control Tower

Answer 5

• Easy way to set up and govern a secure and compliant multi-account
  AWS environment based on best practices
• Benefits:
• Automate the set up of your environment in a few clicks
• Automate ongoing policy management using guardrails
• Detect policy violations and remediate them
• Monitor compliance through an interactive dashboard
• AWS Control Tower runs on top of AWS Organizations:
• It automatically sets up AWS Organizations to organize accounts and implement
  SCPs (Service Control Policies)

Question 6

AWS RAM

Answer 6

AWS Resource Access Manager

Share AWS resources that
you own with other AWS
accounts
* Share with any account or
within your Organization
* Avoid resource duplication!
* Supported resources include
Aurora, VPC Subnets, Transit
Gateway, Route 53, EC2
Dedicated Hosts, License
Manager Configurations…

Question 7

Pricing Models in AWS

Answer 7

• AWS has 4 pricing models:
• Pay as you go: pay for what you use, remain agile, responsive, meet scale
  demands
• Save when you reserve: minimize risks, predictably manage budgets,
  comply with long-terms requirements
• Reservations are available for EC2 Reserved Instances, DynamoDB Reserved
  Capacity, ElastiCache Reserved Nodes, RDS Reserved Instance, Redshift Reserved
  Nodes
• Pay less by using more: volume-based discounts
• Pay less as AWS grows

Question 8

Compute Pricing
– EC2

Answer 8

On-demand instances:
* Minimum of 60s * Pay per second (Linux/Windows) or per hour (other)

• Reserved instances:
• Up to 75% discount compared to On-demand on hourly rate
  *1 or 3 years commitment
• All upfront, partial upfront, no upfront
• Spot instances:
• Up to 90% discount compared to On-demand on hourly rate
• Bid for unused capacity
• Dedicated Host:
• On-demand
• Reservation for 1 year or 3 years commitment

Savings plans as an alternative to save on sustained usage

Question 9

Compute Pricing
– Lambda & ECS

Answer 9

Lambda:
* Pay per call * Pay per duration

ECS: * EC2 Launch Type Model: No additional fees, you pay for
AWS resources stored and created in your application

Fargate
* Fargate Launch Type Model: Pay for vCPU and memory
resources allocated to your applications in your containers

Question 10

Storage Pricing – S3

Answer 10

• Storage class: S3 Standard, S3 Infrequent Access, S3 One-Zone IA, S3
  Intelligent Tiering, S3 Glacier and S3 Glacier Deep Archive
• Number and size of objects: Price can be tiered (based on volume)
• Number and type of requests
• Data transfer OUT of the S3 region
• S3 Transfer Acceleration
• Lifecycle transitions
• Similar service: EFS (pay per use, has infrequent access & lifecycle rules)

Question 11

Storage Pricing
- EBS

Answer 11

• Volume type (based on performance) * Storage volume in GB per month provisionned * IOPS: * General Purpose SSD: Included * Provisioned IOPS SSD: Provisionned amount in IOPS * Magnetic: Number of requests * Snapshots: * Added data cost per GB per month * Data transfer: * Outbound data transfer are tiered for volume discounts * Inbound is free

Question 12

Database Pricing - RDS

Answer 12

Per hour billing
* Database characteristics:
* Engine
* Size
* Memory class
* Purchase type:
* On-demand
* Reserved instances (1 or 3 years) with required up-front
* Backup Storage: There is no additional charge for backup storage up to
100% of your total database storage for a region.
* Additional storage (per GB per month) * Number of input and output requests per month * Deployment type (storage and I/O are variable): * Single AZ * Multiple AZs * Data transfer: * Outbound data transfer are tiered for volume discounts * Inbound is free

Question 13

Pricing – CloudFront

Answer 13

• Pricing is different across different geographic regions * Aggregated for each edge location, then applied to your bill * Data Transfer Out (volume discount) * Number of HTTP/HTTPS requests

Question 14

Savings Plan

Answer 14

Commit a certain $ amount per hour for 1 or 3 years * Easiest way to setup long-term commitments on AWS * EC2 Savings Plan * Up to 72% discount compared to On-Demand * Commit to usage of individual instance families in a region (e.g. C5 or M5) * Regardless of AZ, size (m5.xl to m5.4xl), OS (Linux/Windows) or tenancy * All upfront, partial upfront, no upfront * Compute Savings Plan * Up to 66% discount compared to On-Demand * Regardless of Family, Region, size, OS, tenancy, compute options * Compute Options: EC2, Fargate, Lambda * Machine Learning Savings Plan: SageMaker… * Setup from the AWS Cost Explorer console

Question 15

AWS Compute Optimizer

Answer 15

Reduce costs and improve performance by recommending optimal AWS resources for your
workloads
* Helps you choose optimal configurations and right
- size your workloads (over/under provisioned)
* Uses Machine Learning to analyze your resources’
configurations and their utilization CloudWatch
metrics
* Supported resources * EC2 instances * EC2 Auto Scaling Groups * EBS volumes * Lambda functions * Lower your costs by up to 25% * Recommendations can be exported to S3

Question 16

Billing and Costing Tools

Answer 16

• Estimating costs in the cloud: * Pricing Calculator

Tracking costs in the cloud: * Billing Dashboard * Cost Allocation Tags * Cost and Usage Reports * Cost Explorer

Monitoring against costs plans: * Billing Alarms * Budgets

Question 17

AWS Pricing Calculator

Answer 17

Estimate the cost for your solution architecture

Question 18

Cost Allocation Tags

Answer 18

Use cost allocation tags to track your AWS costs on a detailed level
* AWS generated tags
* Automatically applied to the resource you create
* Starts with Prefix aws: (e.g. aws: createdBy)
* User-defined tags
* Defined by the user
* Starts with Prefix user:

Question 19

Cost Explorer

Answer 19

Visualize, understand, and manage your AWS costs and usage over time
* Create custom reports that analyze cost and usage data.
* Analyze your data at a high level: total costs and usage across all accounts
* Or Monthly, hourly, resource level granularity
* Choose an optimal Savings Plan (to lower prices on your bill)
* Forecast usage up to 12 months based on previous usage

Question 20

Billing Alarms

Answer 20

in CloudWatch * Billing data metric is stored
in CloudWatch us-east1
* Billing data are for overall
worldwide AWS costs
* It’s for actual cost, not for
projected costs
* Intended a simple alarm (not
as powerful as AWS
Budgets)

Question 21

AWS Budgets

Answer 21

• Create budget and send alarms when costs exceeds the budget
• 4 types of budgets: Usage, Cost, Reservation, Savings Plans
• For Reserved Instances (RI)
• Track utilization
• Supports EC2, ElastiCache, RDS, Redshift
• Up to 5 SNS notifications per budget
• Can filter by: Service, Linked Account, Tag, Purchase Option, Instance
  Type, Region, Availability Zone, API Operation, etc…
• Same options as AWS Cost Explorer!
• 2 budgets are free, then $0.02/day/budget

Question 22

AWS Cost Anomaly Detection

Answer 22

• Continuously monitor your cost and usage using ML to detect unusual spends
• It learns your unique, historic spend patterns to detect one-time cost spike and/or
  continuous cost increases (you don’t need to define thresholds)
• Monitor AWS services, member accounts, cost allocation tags, or cost categories
• Sends you the anomaly detection report with root-cause analysis
• Get notified with individual alerts or daily/weekly summary (using SNS)

Question 23

AWS Service Quotas

Answer 23

• Notify you when you’re close to a service quota value threshold
• Create CloudWatch Alarms on the Service Quotas console
• Example: Lambda concurrent executions
• Request a quota increase from AWS Service Quotas or shutdown resources before limit is reached

Question 24

Trusted Advisor

Answer 24

No need to install anything
– high level AWS account assessment
* Analyze your AWS accounts and provides
recommendation on 6 categories: * Cost optimization * Performance * Security * Fault tolerance * Service limits * Operational Excellence
* Business & Enterprise Support plan * Full Set of Checks * Programmatic Access using AWS Support API